Debian DLA-2168-1 : libplist security update

critical Nessus Plugin ID 135190

Synopsis

The remote Debian host is missing a security update.

Description

libplist is a library for reading and writing the Apple binary and XML property lists format. It's part of the libimobiledevice stack, providing access to iDevices (iPod, iPhone, iPad ...).

CVE-2017-5209

The base64decode function in base64.c allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.

CVE-2017-5545

The main function in plistutil.c allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.

CVE-2017-5834

The parse_dict_node function in bplist.c allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file.

CVE-2017-5835

libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.

CVE-2017-6435

The parse_string_node function in bplist.c allows local users to cause a denial of service (memory corruption) via a crafted plist file.

CVE-2017-6436

The parse_string_node function in bplist.c allows local users to cause a denial of service (memory allocation error) via a crafted plist file.

CVE-2017-6439

Heap-based buffer overflow in the parse_string_node function in bplist.c allows local users to cause a denial of service (out-of-bounds write) via a crafted plist file.

CVE-2017-7982

Integer overflow in the plist_from_bin function in bplist.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.

For Debian 8 'Jessie', these problems have been fixed in version 1.11-3+deb8u1.

We recommend that you upgrade your libplist packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected packages.

See Also

https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html

https://packages.debian.org/source/jessie/libplist

Plugin Details

Severity: Critical

ID: 135190

File Name: debian_DLA-2168.nasl

Version: 1.5

Type: local

Agent: unix

Published: 4/3/2020

Updated: 3/19/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS Score Source: CVE-2017-5545

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libplist-dbg, p-cpe:/a:debian:debian_linux:libplist-dev, p-cpe:/a:debian:debian_linux:libplist-doc, p-cpe:/a:debian:debian_linux:libplist-utils, p-cpe:/a:debian:debian_linux:libplist2, p-cpe:/a:debian:debian_linux:python-plist, cpe:/o:debian:debian_linux:8.0, p-cpe:/a:debian:debian_linux:libplist%2b%2b-dev, p-cpe:/a:debian:debian_linux:libplist%2b%2b2

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/2/2020

Vulnerability Publication Date: 1/11/2017

Reference Information

CVE: CVE-2017-5209, CVE-2017-5545, CVE-2017-5834, CVE-2017-5835, CVE-2017-6435, CVE-2017-6436, CVE-2017-6439, CVE-2017-7982